Investigation and Forensic Unit Policy and Procedures ... · Investigation and Forensic Unit Policy...

Investigation and Forensic Unit

Policy and Procedures Manual

Office of the Comptroller General

Investigation and Forensic Unit Policy and Procedures Manual

TABLE OF CONTENTS

1. INTRODUCTION ................................................................................................................................... 1

1.1. PURPOSE OF THE MANUAL ............................................................................................................... 1 1.2. REQUIREMENTS FOR USE OF MANUAL - ATTESTATION ....................................................................... 1

2. FRAUD MANAGEMENT ...................................................................................................................... 2

2.1. MANDATE ........................................................................................................................................ 3 2.2. VISION, MISSION AND GOALS ........................................................................................................... 3 2.3. AUTHORITY ..................................................................................................................................... 3 2.4. ROLES AND RESPONSIBILITIES ......................................................................................................... 4

3. PROFESSIONAL STANDARDS FOR INVESTIGATIONS .................................................................. 5

4. MANAGING INVESTIGATIVE FUNCTIONS ........................................................................................ 5

5. CASE MANAGEMENT ......................................................................................................................... 6

6. INITIAL INVESTIGATIVE CONSIDERATIONS ................................................................................... 6

6.1. PRINCIPLES OF ADMINISTRATIVE FAIRNESS ....................................................................................... 6 6.2. CONFLICT OF INTEREST ................................................................................................................... 7

7. INITIAL INVESTIGATIVE PROCESS .................................................................................................. 7

7.1. OVERVIEW OF INITIAL INVESTIGATIVE PROCESS ................................................................................ 7 7.2. INVESTIGATIVE TIERS ....................................................................................................................... 8 7.3. PRELIMINARY ASSESSMENT ............................................................................................................. 8 7.4. ENGAGEMENT METHOD GUIDE ......................................................................................................... 8 7.5. USE OF LEGAL COUNSEL ................................................................................................................. 9 7.6. EXECUTIVE ACCOUNTABILITIES IN TIER 4 AND 5 INVESTIGATIONS ....................................................... 9 7.7. MILESTONE METHODOLOGY ........................................................................................................... 10

8. INVESTIGATIVE ENGAGEMENT ...................................................................................................... 10

8.1. PLANNING AND SCOPE OF WORK ................................................................................................... 10 8.1.1. Terms of Reference............................................................................................................. 11 8.1.2. Investigation Plan ................................................................................................................ 12

8.2. EVIDENCE COLLECTION AND ANALYSIS ........................................................................................... 13 8.2.1. Interviews ............................................................................................................................ 13

8.3. REPORTING ................................................................................................................................... 14 8.3.1. Comptroller General Reports .............................................................................................. 15 8.3.2. Quality Assurance Review .................................................................................................. 15 8.3.3. Report Disclaimer and Scope Limitation Statements .......................................................... 16 8.3.4. Report Distribution Log ....................................................................................................... 16 8.3.5. Report preparation and retention ........................................................................................ 16

8.4. FILE DOCUMENTATION ................................................................................................................... 16

9. MONITORING ENGAGEMENTS ........................................................................................................ 17

10. INFORMATION MANAGEMENT – ELECTRONIC AND PHYSICAL ............................................ 18

10.1. LAN DRIVE ................................................................................................................................... 18 10.2. TRANSFERRING OF INFORMATION IN TRANSIT .................................................................................. 18 10.3. EMAILS IN STORAGE ...................................................................................................................... 18 10.4. PHYSICAL DOCUMENTS AND EVIDENCE ........................................................................................... 19

10.4.1. Chain of Custody ................................................................................................................. 19 10.4.2. Physical Files ...................................................................................................................... 19

10.5. RECORDS MANAGEMENT PROCESS ................................................................................................ 20 10.6. EMAIL SEARCH SOFTWARE - NUIX .................................................................................................. 20


11. INFORMATION PROTECTION ...................................................................................................... 21

12. WORKING OUTSIDE OF THE WORKPLACE .............................................................................. 21

12.1. REMOTE ACCESS .......................................................................................................................... 21 12.2. PAPER BASED DOCUMENTS ........................................................................................................... 22

13. TECHNOLOGY RECOVERY STRATEGIES ................................................................................. 22

14. RELIANCE ON WORK OF OTHERS ............................................................................................. 22

14.1. PROCUREMENT OF SERVICE CONTRACTORS ................................................................................... 23 14.2. EXCHANGE OF CONFIDENTIAL INFORMATION TO THIRD PARTIES ...................................................... 23

15. ASSET MANAGEMENT ................................................................................................................. 24

16. TRAINING AND COMPETENCY.................................................................................................... 24

17. INTERNAL INVESTIGATIONS WORKING GROUP ..................................................................... 24

18. REPORTING INCIDENTS TO LAW ENFORCEMENT .................................................................. 25

APPENDIX A: PROFESSIONAL STANDARDS FOR INVESTIGATIONS .................................................................. 26 APPENDIX B: CASE TRACKING SYSTEM ...................................................................................................... 30 APPENDIX C: ADMINISTRATIVE FAIRNESS EVALUATION TOOL ....................................................................... 32 APPENDIX D: IU INVESTIGATIVE PROCESS DIAGRAM ................................................................................... 38 APPENDIX E: STANDARD ON INVESTIGATIVE TIERS ...................................................................................... 39 APPENDIX F: PRELIMINARY ASSESSMENT TOOL .......................................................................................... 42 APPENDIX G: ENGAGEMENT METHOD GUIDE .............................................................................................. 43 APPENDIX H: EXECUTIVE ACCOUNTABILITIES IN TIER 4 AND 5 INVESTIGATIONS............................................. 48 APPENDIX I: REPORTING CHECKLIST .......................................................................................................... 50 APPENDIX J: REPORT DISTRIBUTION LOG ................................................................................................... 53 APPENDIX K: REVIEWER’S CHECKLIST ........................................................................................................ 54 APPENDIX L: INTERVIEW PROCESS ............................................................................................................. 59 APPENDIX M: DISCLAIMER STATEMENTS ..................................................................................................... 63 APPENDIX N: CHAIN OF CUSTODY FORM .................................................................................................... 64 APPENDIX O: STATEMENT OF UNDERSTANDING .......................................................................................... 65


1

1. INTRODUCTION

Fraud is a threat that adversely affects an organization’s operations. Fraud involves intentional use of deception or dishonesty to secure an unfair or unlawful financial or personal gain and/or deprive another of their property, money or legal right. The cost of fraud is not limited to financial losses; it can also damage an organization’s reputation.

The Comptroller General is responsible and accountable for providing ministries with direction on fraud risk management, and investigating and monitoring suspected fraud incidents, where appropriate. As directed by the Comptroller General, the Investigation and Forensic Unit (IU), provides investigative services and guidance involving fraud and/or financial mismanagement to assist in their prevention, detection, investigation, and loss mitigation.

1.1. Purpose of the Manual

The purpose of the Investigation and Forensic Unit Policy and Procedure Manual (IU PPM) is to document and communicate to staff, contractors, and other stakeholders the professional standards, principles, policies and procedures that are to be adhered to when conducting investigations of alleged fraud and/or financial mismanagement within the BC Public Service.

The IU PPM is a reference source that:

documents professional standards to be applied when conducting investigations of

allegations and/or concerns of financial irregularities;

identifies relevant government legislation and policy that investigators are to adhere to

when performing their duties;

documents investigative procedures and processes to be utilized in conducting or

monitoring investigations;

provides a methodology to be applied while conducting investigative activities;

documents security and information management and protection standards; and

identifies quality assurance review processes.

The IU PPM is reviewed on a periodic basis to ensure it reflects changes to regulatory requirements, core policy, professional standards and leading practices.

The IU PPM complements government legislation, regulation and professional standards. This manual does not supersede any government legislation, regulation or policies such as BC Public Sector Employee Standards of Conduct, or the CPA Rules of Professional Conduct.

The IU PPM applies to all investigations conducted by the Comptroller General under the Financial Administration Act.

1.2. Requirements for Use of Manual - Attestation

Prior to commencing investigative work, new IU staff and service providers (i.e. contractors) are required to review the IU PPM and attest to their understanding and acceptance of their obligations and responsibilities. Specifically, staff and service providers are to complete and submit the Statement of Understanding (located at the end of this manual) to the Director, Operations - Investigation and Forensic.

Annually team members are required to review the manual and re-attest to their understanding of their obligations and responsibilities.


2

2. FRAUD MANAGEMENT

Perpetrating fraud involves individuals intentionally being deceptive or dishonest to secure an unfair or unlawful financial or personal gain and/or create a loss for another. Fraud includes actions such as theft, embezzlement, fraudulent disbursements, procurement schemes, asset misuse, corruption, and conflict of interest situations. A fraud threat can come from internal or external sources.

An effective fraud program is an essential element of risk mitigation for successful financial management within government; specifically, a fraud program reduces fraud threats and enhances public confidence in the BC Public Service. Internal controls are the principal mechanisms for preventing and detecting fraud. The primary responsibility for establishing and maintaining controls rests with ministry management.

The objective of a fraud program is not to fully eliminate fraud. Fraud, or the potential for fraud to occur, will always exist. A functional fraud risk management program model is based on the following four objectives:

Prevention: The purpose of preventative controls is to reduce opportunities to commit fraud and deter potential offenders because of the likelihood of detection and punishment. Preventive controls include but are not limited to legislation, policies, procedures, controls, and fraud awareness training.

Detection: Effective detective controls identify fraud incidents in a timely manner and reduce the impact of possible losses. Controls include regulatory and policy reporting requirements1, loss incident and exception reports, ongoing risk assessments, and data mining techniques.

Investigation: Ministry management has the responsibility? to respond to detected or suspected fraud incidents with objective and comprehensive investigations with an eye toward discipline and/or litigation. The purpose of an investigation is to obtain and secure sufficient and appropriate evidence to assess alleged and/or suspected misconduct.

Corrective Action: Ministry management has the responsibility? to take action to remedy the harm caused by fraud incidents and mitigate relevant risks. Corrective actions may involve recovery efforts, discipline, and referral to law enforcement agencies. Corrective actions may be needed during the investigation to mitigate further loss or preserve potential evidence. Such actions may include suspension or replacement of employees, implementation of control improvements and/or actions to safeguard assets.

1 The Financial Administration Act, section 33.2, and CPPM 4.3.20, obligates every member of the public

service to report to the Comptroller General any expenditure or payment that they consider contravenes sections 32.1 to 33.1. In addition, in accordance with the BC Public Service Agency, Standards of Conduct for Public Service Employees (Human Resources Policy 09), employees have a duty to report any situation relevant to the BC Public Service that they believe contravenes the law, misuses public funds or assets, or represents a danger to public health and safety or a significant danger to the environment.


3

2.1. Mandate

The mandate of the IU is to strengthen financial management across government with an effective response to fraud incidents and to build an ‘anti-fraud’ culture that includes:

examining and evaluating fraud incidents, guided by formally documented policies and

procedures, and quality assurance practices;

respecting the rights of individuals with fair investigation practices;

increasing accountability with fraud awareness training, ensuring defined accountabilities

for key roles, and strengthening the fraud risk management framework; and

continuous improvement of a rigorous investigation framework.

2.2. Vision, Mission and Goals

Vision: To provide leadership in the prevention, detection and investigation of financial impropriety across government.

Mission: To investigate, monitor, and provide professional guidance, which facilitates an effective response to fraud incidents for the Comptroller General, as well as raise ‘fraud awareness’ through formal training for the purpose of building an ‘anti-fraud’ culture in the BC Public Service.

Goals: The IU’s goals are to:

Effectively respond to reported fraud incidents

Investigate fraud incidents in a timely and efficient manner

Raise fraud awareness in the BC Public Service

Assist ministry management in building a robust anti-fraud culture

Provide professional services to assist in fraud prevention and detection

Respect the rights of individuals

2.3. Authority

The Financial Administration Act outlines the Comptroller General’s power, function and duties. The key sections (inclusive of subsections) of the FAA are as follows:

Section 8 Comptroller General Section

Section 9 Duties of the Comptroller General

Subsection 33.2 Obligation to Report to Comptroller General

Section 34 Comptroller General Authority


4

2.4. Roles and Responsibilities

With respect to loss management and reporting, the Core Policy and Procedures Manual (CPPM) Chapter 20 identifies the following roles and responsibilities:

The Comptroller General

provides contact, training and policy information to support the reporting of losses due to

illegal activities, potential fraud and financial improprieties;

ensures employees can report losses on a confidential basis;

provides ministries with guidance and tools for the prevention, detection, investigation,

reporting and mitigation of losses;

ensures that persons involved in an investigation have the necessary skills; and

may direct the IU to conduct or otherwise assist in the investigation of a reported loss.

Ministries through the responsibility of the ministry deputy minister:

design and maintain internal processes for managing fraud risks including prevention,

detection, reporting, investigation, and mitigation;

review and amend processes as appropriate to minimize losses particularly following a

loss incident;

ensure employees comply with government’s Standards of Conduct for Public Service

Employees; and

determine the requirement for criminal record checks and enhanced security screening

for designated positions within the BC Public Service.

The Corporate Compliance and Controls Monitoring Branch is responsible for:

detecting control weaknesses and inappropriate payments and recommend corrective

action to ministries, central agencies, and the Comptroller General to prevent and

mitigate financial loss to government; and

reporting losses to ministries and the Comptroller General.

The Public Service Agency (PSA):

is concerned with labor relation issues and compliance with the standards of conduct;

and

provides guidance and advice to ministries investigating employee conduct, which have

the potential to result in employee discipline, litigation, and/or criminal charges.

Employees are to understand and comply with:

government’s Standards of Conduct for Public Service Employees; and

their obligation to report loss incidents, financial irregularities and or suspicious activities,

as per CPPM 4.3.20 & CPPM 20.3.

http://www2.gov.bc.ca/assets/gov/careers/managers-supervisors/managing-employee-labour-relations/standards_of_conduct_printable_version.pdf

http://www.fin.gov.bc.ca/ocg/fmb/manuals/CPM/04_Expense_Mgmt.htm


5

3. PROFESSIONAL STANDARDS FOR INVESTIGATIONS

Investigations concerning financial irregularities conducted under of the Comptroller General’s mandate are to adhere to Standard Practices for IFA Engagements. These professional standards require that individuals performing investigative and forensic accounting engagements, at a minimum must have professional accounting skills, investigative skills, and an investigative mindset.

Standard Practices for IFA Engagements were established by the Alliance for Excellence in Investigative and Forensic Accounting (IFA Alliance) in 1998. CPA Canada requires its members that are conducting investigative and forensic accounting engagements to comply with Standard Practices for IFA Engagements. CPA’s performing investigative and forensic accounting engagements must also abide by the standards of the accountancy profession and applicable codes of conduct.

The Association of Certified Fraud Examiners (ACFE) issued the CFE Code of Professional Standards in February 2001 that identifies basic principles of ethical behavior to guide members in the fulfillment of their duties.

Any individual performing investigative engagements for the Comptroller General are to abide by the CFE Code of Professional Standards, as well as, the Standard Practice for IFA Engagements. The professional standards applicable to the IU are outlined in Appendix A Professional Standards for Investigations.

4. MANAGING INVESTIGATIVE FUNCTIONS

The IU, under the direction and delegation of the Comptroller General, provides professional investigative services and guidance to assist ministries with their prevention, detection, investigation, and loss mitigation of fraudulent incidents. In general, the IU activities include but are not limited to:

conducting or overseeing investigative engagements;

providing advice on fraud policy and procedures;

promoting fraud and loss incident reporting requirements;

co-ordinating efforts with other investigative units in the BC Public Service; and

participating on various committees and working groups.

The Comptroller General, or an employee as delegated by the Comptroller General, has administrative and functional oversight of the IU. This includes ensuring but not limited to:

IU staff have the necessary skills and competencies to perform investigative

engagements;

managing and providing direction to staff and service providers;

verifying that investigative and monitoring engagements conducted by IU support its

mandate, meet stakeholder needs, and comply with relevant professional standards and

government’s own policies and procedures; and

supporting fraud prevention training and promoting fraud awareness in the BC public

sector.


6

5. CASE MANAGEMENT

The IU’s case management approach is to ensure that all incidents reported to the Office of the Comptroller General (COG) are captured in a case tracking system. The system uses an excel spreadsheet to record, monitor and update the status of reported incidents.

Refer to Appendix B Case Tracking System for a detailed listing of information to document.

6. INITIAL INVESTIGATIVE CONSIDERATIONS

All IU team members must adhere to principles of administrative fairness and address conflict of interest situations throughout the lifecycle of the engagement.

6.1. Principles of Administrative Fairness

The integrity of an administrative decision making process is important to sound governance of the BC Public Sector. An administrative decision making process involves gathering and assessing information, and identifying and considering alternative resolutions for the purpose of reaching a fair and correct decision.

In the BC Public Sector, a decision maker is a government official, or a group of government officials, that are authorised to make a decision that adheres to government legislation or regulation.

Whenever the rights of an individual may be affected by a government official exercising their decision making authority, there is an expectation that the decisions are made in accordance with the principles of administrative fairness.

The concept of administrative fairness is based on the recognition of procedural fairness to ensure that decisions of government employee are arrived at fairly. Specifically, administrative fairness involves the processes and interaction used to follow-up on procedural fairness. Procedural fairness is the legislation, regulations, policies, procedures and practices governing the BC Public Sector.

IU team members (staff and contractors) are required to follow the principles of administrative fairness while conducting an investigation. The Comptroller General has identified five principles to safeguard administrative fairness and support sound investigative practice. The principles include:

inform those involved in the complaint of the main points of any allegation;

provide persons with a reasonable opportunity to explain their actions;

meet with all relevant parties associated with the concern under investigation and assess

all pertinent information with objectivity and without bias;

treat all persons fairly and with respect; and

conduct the investigation in a timely manner and without unnecessary delay.

The Comptroller General’s Administrative Fairness Evaluation Tool (Appendix C) is a self-assessment of each phase of the investigative process against the five administrative fairness principles. The results of the assessment provide documentary evidence that the principles of administrative fairness are applied throughout each investigation.

The Comptroller General must approve the evaluation before the results of the investigation are reported out.


7

6.2. Conflict of Interest

Prior to starting an investigative process, all participating individuals (e.g. IU staff or contractors, Government entity information gatherers, representatives or decision-makers) are to consider whether they are an actual or potential conflict of interest with any of the issues or parties that could be involved in the investigation. The individuals are to notify the Comptroller General, in writing, of the circumstances resulting in an actual of potential conflict of interest. Throughout the investigative process individuals are required to notify the Comptroller General of any changes in the circumstances that would result in them being in a conflict of interest.

At the Comptroller General’s discretion, employees involved in the investigation may be required to complete a conflict of interest declaration.

The disclosure and the Comptroller General’s decision regarding how the conflict must be managed must be documented and monitored for compliance.

7. INITIAL INVESTIGATIVE PROCESS

The sections below outline elements of the IU’s investigative process. As each engagement is unique, not all process may apply in each case. The investigation team must use professional judgment and follow professional standards in the approach taken to meet engagement objectives.

7.1. Overview of Initial Investigative Process

Most investigative engagements result from ministries or individuals reporting loss incidents or concerns of financial irregularities, wrongdoing and/or mismanagement to the OCG. Some investigate engagements are a result of incidents identified through review and data mining techniques performed by 3CMB, OCG.

A reported incident may be by verbal notification or written communication. The individual reporting the incident may identify himself or herself, use an alias, or remain anonymous. Specifics of reported incidents must be treated as confidential unless disclosure of information is authorized or required by law.

For each reported incident, the IU must assess the concern(s) to determine the appropriate course of action. This may require further information from the government entity (ministry, government organization or government corporation) involved and co-ordination of the concern with other government investigative units.

The IU investigative process is as follows (refer to Appendix D IU Investigative Process Diagram):

Upon the receipt of an allegation, the Comptroller General contacts the complainant (if

possible) to get further details of the concerns.

Based on information gathered, the risk of the reported concerns are assessed (e.g. risk,

credibility, plausibility, within Comptroller General’s mandate) and next steps are

determined that can include but not limited to:

o proceeding to inform the government entity of the complaint and the investigative

process, and request that the government entity prepare an information package

related to the allegations or concerns.

o referring the concerns to another government investigative group.


8

o no further action being taken.

Based on information gathered by the government entity, IU conducts a preliminary

assessment to determine if an investigation is warranted. (discussed below in section

6.2)

If an investigation is warranted, the engagement method must be determined.

Engagements can be conducted by IU staff or contractors, or government entity staff (or

their contractors).

Throughout the investigative process the Comptroller General will seek to reach consensus with government entity’s decision-maker on how to proceed.

7.2. Investigative Tiers

IU, in collaboration with other internal investigative units, has developed a common standard to guide hierarchy of loss incidents, or events, reported to the Comptroller General. Using a hierarchal structure provide a framework to establish consistent processes for incidents of a certain level, and also promotes a more consistent understanding of the seriousness of an incident.

Each allegation/incident event reported to the Comptroller General must be categorised in one of the five tiers. Initial assignment of a tier can change as new information becomes available. Initial assignment is based on the likelihood of the most serious possible outcome.

Refer to Appendix E for the common Standard on Investigation Tiers.

7.3. Preliminary Assessment

The IU utilizes criteria to determine how to proceed with the allegations reported and information gathered. The criteria are also used to guide the priority of investigating multiple allegations on the same subject matter. The IU defines its assessment criteria as:

type of financial impropriety

an informant’s credibility

magnitude, pervasiveness and severity

significance or impact

available evidence

In addition, IU also considers achievability of results – does the allegation appear specific enough to enable gathering of targeted information and there is a likelihood of readily available documentation (or individuals) against which to review the allegation.

Refer to Appendix F for the Preliminary Assessment Tool. The preliminary assessment determination requires approval by the Comptroller General.

7.4. Engagement Method Guide

The Engagement Method Guide (EMG) is prepared subsequent to the completion of a preliminary assessment that determines whether an investigation is warranted. The purpose of the EMG is to assist in determining the sourcing for the investigation as follows:

IU conducts the investigation;


9

the investigation is outsourced with IU overseeing the engagement; or

IU monitors an internal investigation conducted by the government entity that involves

internal staff conducting the investigation or the government entity outsources the

engagement.

Refer to Appendix G for the Engagement Method Guide. The sourcing determination requires approval by the Comptroller General.

7.5. Use of Legal Counsel

Assignment of a tier to the reported incident can influence (the likelihood of) the IU’s decision to engage legal counsel in the investigative proceedings. Engaging legal counsel is assessed on a case-by-case basis; however, the following is a guideline that can be considered in the determination of informing legal counsel of the concerns at the outset of the proceedings:

Tier 1: do not inform

Tier 2: likely no need to inform

Tier 3: may need to inform

Tier 4: likely need to inform

Tier 5: need to inform

The decision to involve legal counsel must be re-visited as the severity of the loss incident escalates during the investigative proceedings. Specific subject areas that legal counsel could be engaged on, but not limited to are:

On matters of legal opinion and to clarify whether legislative authorities may apply to a

given set of facts;

To validate conclusions the IU has reached about whether legislative authorities and/or

government policy may apply to a given set of facts;

To ensure IU takes appropriate steps in the course of an investigation to ensure

administrative fairness;

On legal issues in relation to IU’s process (e.g. principles of evidence collection), to

ensure the IU operates within the bounds of the law;

The subject matter under investigation is operating in a complex regulatory environment;

or

Reporting of non-emergency incidents under investigation to law enforcement

The decision to engage legal counsel requires approval by the Comptroller General.

7.6. Executive Accountabilities in Tier 4 and 5 Investigations

IU, in collaboration with other internal investigative units, has developed a common standard to outline the accountabilities of executive in tier 4 and 5 investigations. Defining common executive accountabilities provides a framework to establish consistent processes for incidents of a certain level, and also promotes a more consistent decision-making process across investigative units.


10

This common standard breaks the investigative process into phases, separated by a waypoint or milestone. Each waypoint, depending on the tier, has differing executive accountabilities. An executive member is considered to be an ADM or higher, or delegate for the IU which has jurisdiction over the incident, and a ministry representative (ADM or higher).

There are three executive waypoints for tier 4 and 5 investigations, namely:

Go/no go for full investigation

Go/no go for investigative interviews

Accept/not findings of investigation and report

These are minimum executive accountabilities, and more frequent accountabilities/check-ins may occur. Furthermore, IU members must apply their judgement in determining at what point they have reached an executive accountability waypoint, as the waypoints are based on common investigative principles, and not necessary specific investigative steps of the IU Investigative Process as described in Appendix D.

Refer to Appendix H for the common standard on Executive Accountabilities in Tier 4 and 5 Investigations.

7.7. Milestone Methodology

The IU investigative process is based on milestones that which represent key decision points in determining next steps throughout the investigative lifecycle.

At each milestone a value for money assessment is performed that involves reviewing timelines, costs and benefits. Observations are generated within 60 to 90 days of receiving an allegation or complaint, and every 30 days thereafter, for reporting to the respective ministry or stakeholder. See Appendix D illustrating the milestone methodology.

8. INVESTIGATIVE ENGAGEMENT

Fraud examination is a methodology for resolving fraud allegations from inception to completion. Specifically, fraud examination involves:

obtaining evidence;

analyzing and assessing evidence;

conducting interviews;

reporting findings and conclusions; and

taking statements and testifying to findings, as warranted.

Fraud investigations are to be conducted only if there is adequate cause or predication. When conducting fraud investigations the rights of individuals must be considered at all times.

8.1. Planning and Scope of Work

An investigation plan determines the nature of the work to be conducted and provides assurance that the engagement objectives are achieved within investigative standards. For IFA standards, refer to Appendix A Planning Standards.

Planning an investigative engagement consists of establishing:


11

the overall purpose of the engagement;

the engagement objectives;

what will need to be examined (scope);

how the evidence gathered will be analyzed and corroborated (approach);

resources, including specialists; and

estimated time and costs to perform the investigation

An engagements purpose is a high-level objective statement identifying why the engagement is being conducted. For example: The purpose of the engagement is to provide the ministry with sufficient evidence to confirm or dispel allegations involving the misappropriation of government assets by a specific employee.

Engagement objectives are statements that define what the investigation is trying to accomplish. These objectives are dependent on the concerns or allegations brought forth by the complainant or the reported loss incident.

An engagement scope refers to the breadth of the engagement that includes but not limited to:

records and documents that need to be examined (e.g. financial data, emails, employee

personnel records);

individuals, witnesses, persons of interests to be interviewed;

relevant procedures and policies to be reviewed;

processes and/or internal controls to be assessed;

the time period that will be subjected to an investigation; and

physical locations relevant to the investigation.

In assessing concerns of alleged financial irregularities or improprieties the investigator may need to compare actual events to what is to be expected. In establishing adequate criteria, the engagement team may need to rely on internal policies and procedures, and/or relevant legal statues and law. The engagement team may need to assess compliance with the criteria in order to confirm or refute allegations or concerns of wrongdoing.

8.1.1. Terms of Reference

A Terms of Reference (TOR) is prepared to document the above, and used to inform the client of the engagement’s purpose and structure. The TOR summarizes the investigative engagement and may include, but is not limited to:

an introduction;

a background summary;

a purpose statement;

the scope of the engagement;

the engagement objectives;

an approach;


12

a timeframe of significant milestones;

budgeted costs;

a report distribution listing;

engagement team members responsibilities; and

a report confidentiality clause.

The TOR requires approval by the Comptroller General (or delegate), and a Government entity decision-maker.

8.1.2. Investigation Plan

The investigation plan documents key planning decisions and provides direction to the engagement team throughout the engagement. It is subject to change and re-assessment as new facts are revealed. The investigation team must remain vigilant for events that might impact the plan.

The components of the work plan includes (but not limited to):

a purpose statement;

an engagement scope and objectives;

a scope component analysis (SCA) that includes:

o criteria that will be used to support assessments/findings under each objective;

o source and nature of evidence needed for analysis; and

o steps to be used to obtain, assess and corroborate the evidence.

a description of the business area activities specific to the scope of the issue being

investigated;

a fraud theory that is consistent with the engagement objectives and/or allegations;

staff requirements and budget matched to size and complexity of the engagement,

including non-IU staff if applicable; and

a budget with an anticipated timeline and costs to conduct the investigation.

The investigation plan, and any subsequent amendments, requires approval by the Comptroller General, and a Government entity decision-maker.

The Comptroller General must continue to assess the investigation team’s progress against the investigation plan on a regular basis, specifically ensuring relevancy of the plan related to (but not limited to):

the authority to conduct the investigation;

the investigation’s scope and objectives;

timing and resourcing of the investigation; and

continued access by investigators to materials and individuals.


13

The Comptroller General’s written assessment must occur at scheduled milestone intervals as determined in the investigation plan.

8.2. Evidence Collection and Analysis

In conducting an investigation, the engagement team members must maintain an adequate level of scepticism or investigative mindset. Investigators must apply a fraud theory approach that involves:

analyzing the information gathered;

postulating a hypothesis of what occurred;

testing the hypothesis; and

refining the hypotheses, as warranted.

During the information collection and analysis phase:

relevant evidence (records, documents, and other information) is collected;

the evidence collected is analyzed and compared to established criteria;

exceptions and findings are documented;

interviews with individuals, witnesses and persons of interest are conducted, as

warranted;

walkthroughs are conducted to assess controls, where appropriate; and

other techniques may be performed (e.g. use of specialists), as warranted.

For IFA standards refer to Appendix A Information Collection and Analysis Standards.

8.2.1. Interviews

Interviews are conducted for the specific purpose of eliciting, gathering and corroborating relevant information. To be effective an interview requires adequate planning and preparation, and should follow accepted practices for investigations (e.g. practices for admission seeking versus information interviews within confines of administrative fairness). Such factor included but not limited to:

preparing relevant interview questions;

organizing documentation that is to be presented to the interviewee;

determining the order that the individuals are to be interviewed;

booking an appropriate venue for the interviews; and

establishing an appropriate amount of time for the interview.

Use of a digital recording device enhances the quality of an investigative interview, while not using a digital recording device creates avoidable vulnerabilities in the investigative process. Refer to Appendix L Interview Process – Recording Interviews for further information.


14

Each investigation plan and terms of reference must indicate if digital recording devices will be utilised or not during the investigation, and to what extent (e.g. all interviews or only specific interviews).

Interviews must be conducted privately and under reasonable circumstances, with all questions of legitimate interest to the subject matter under investigation. At least two IU team members must be present during an interview, with one IU team member focus on note taking.

IU team members must exhibit professionalism and maintain objectivity throughout the interview. In addition, IU team member must adhere to the principle of procedural fairness throughout the interview process that includes respecting the rights of the interviewees. Appendix L: Interview Processes – Procedural Fairness lists actions that must be applied in the interview process to support administrative fairness and maintain the integrity of the IU’s investigative process.

The IU may be required to seek clarification or an explanation for documentation gathered during the investigative proceedings. On a case-by-case basis IU team members are to assess the impact of providing interviewees with information in advance of interview or providing the information during the questioning phase of the interview.

There may be circumstances in which providing information in advance of the interview may assist in the timely completion of an interview and information gathering proceedings. In these circumstances the individuals may be provided information in advance of the interview. Factors to consider when deciding to, or what to, provide in advance might be (but not limited to):

Length of time between the incident and interview and the need to refresh e.g.

remember;

Volume of information related to the incident;

Complexity or technicality aspects related to the incident;

Privacy – consideration on disclosing 3rd party personal information; or

Not disclosing identify of complaints unless absolutely necessary.

There might be occasions where the investigation benefits from an impromptu response from an interviewee. In these circumstances providing the individual information in advance of the interview may significantly compromise the investigative proceedings. To mitigate the risk of compromising the integrity and effectiveness of the investigation, individuals will be presented the documentation at a point in time IU asks a question.

The IU is not under any obligation to interview every witness involved in a complaint. Specifically, if there is no relevant evidence to be gained or other justifiable rationale the investigation team has the discretion whether or not to conduct an interview.

8.3. Reporting

All investigative report made by the Comptroller General must be presented in writing, using concise and fact-based language. Gratuitous, emotional and unnecessary language in reports must be avoided. Report writers must use inline editing, and not create numerous iterations (e.g. drafts) of the report.

Written reports issued by the Comptroller General and all IU contractors are to comply with Standard Practices for IFA Engagements and applicable standards of other professional


15

organizations. The Reporting Checklist (Appendix I) embodies those standards (Appendix A Reporting Standards).

8.3.1. Comptroller General Reports

The OCG’s procedures for preparing written investigative reports are as follows:

Team members prepare a report outline for discussion with, and approval by, the

Comptroller General.

Team members prepare a fact-based report that is fully supportable with sufficient and

relevant evidence.

The Director, Operations - Investigation and Forensic reviews the report for accuracy

and to compliance with Standard Practices for IFA Engagements, which includes

completing the IFA Reporting Checklist (Appendix I).

A review copy of the report is provided to the Comptroller General for approval.

The review copy of the report may be provided to the responsible government entity

and/or stakeholders (including legal counsel) for review and comment, as determined on

a case-by-case basis by the Comptroller General.

An exit meeting may be held with the responsible government entity and/or stakeholders

to discuss the engagement findings and report.

A quality assurance review of the report is performed by qualified individual(s) that

includes reviewing and accepting the IFA Reporting Checklist. Refer to the Report

Quality Assurance Review section for details on the quality assurance process. The

quality assurance review must be completed before the report is issued.

The investigation report is finalized with the Comptroller General signing the report.

A copy of the final report must be retained in the working paper file and crossed

referenced to the working papers.

The final report is distributed as per the TOR or as directed by the Comptroller General.

IU must maintain a report distribution log (see section 7.5.4).

Note: The Comptroller General is the owner of reports prepared by IU contractors and the distribution of the report is at the authority of the Comptroller General.

8.3.2. Quality Assurance Review

A qualified individual or a team of qualified individuals, with sufficient and appropriate experience must be appointed by the Comptroller General to objectively evaluate the report that includes but not limited to evaluating the findings, conclusions, recommendations, opinions and significant judgments made by the engagement team.

The report evaluation involves:

Discussion of significant matters with the engagement team;

Review of the proposed assurance report;


16

Review of relevant engagement documentation relating to the significant judgments the

engagement team made and the conclusions it reached; and

Evaluation of the conclusions reached in formulating the assurance report and

consideration of whether the proposed assurance report is appropriate.

The quality assurance reviewer must complete the Reporting Checklist (see Appendix I) before the Comptroller General issues the investigative report.

8.3.3. Report Disclaimer and Scope Limitation Statements

All reports issued by the Comptroller General must include a disclaimer to mitigate the unauthorized distribution of the report. Refer to Appendix M.

In addition, the wording “Private and Confidential” must be displayed on the footer of each page of text.

All reports issued by the Comptroller General must include details of all scope limitations and explain how each limitation impacted the investigative work performed. If the IU team does not consider there to be any scope limitations on their investigative work (and report), they should document this determination and seek approval from the Comptroller General.

8.3.4. Report Distribution Log

A report distribution log must be maintained and updated for all electronic and paper distributions of draft and final reports (refer to Appendix H). The report distribution log lists positions that the report might be provided to that include but not limited to the:

Deputy Minister of Finance

A Government entity decision-maker

Another internal investigative unit decision-maker (e.g. Head of PSA, CRO, CIO)

8.3.5. Report preparation and retention

As the report is prepared in a single document using inline editing, no draft reports are created. Hard copies of reports printed for proof reading must not be retained.

The report is finalised when signed by the Comptroller General, and a copy must be included in the working paper file.

8.4. File Documentation

Working paper files contain prepared materials, relevant information and obtainable evidence that supports the work performed, and the engagement findings and conclusions, as well as any recommendations to mitigate risk of re-occurrence of the reported or similar concerns. Working papers files must contain a separate section for each main component of the engagement.

Team members are responsible for the compilation of the working papers in accordance with investigative standards. For details, refer to Appendix A File Documentation Standards.

A working paper file must include:

an index;

a final report (crossed referenced to the working papers and supporting evidence);


17

the TOR;

a Reviewers Checklist;

the IFA Report Checklist;

Administrative Fairness Evaluation Tool;

Any legal advice or legal opinion;

Details of any complaints and their outcome;

All conflict of interest declarations requested by the Comptroller General;

the investigative work plan;

working papers with

o page titles & numbers;

o initials and dates of the file preparers and reviewers;

o cross references to other working papers, as appropriate; and

o relevant information and supporting evidence.

All working papers required a preparer and reviewer role. When the IU team considers the file substantially complete the file is reviewed and the Reviewer’s Checklist completed, ensuring the established criteria is met:

there is sufficient, appropriate evidence documented in the engagement working paper

files to support all conclusions, comments and recommendations in the report.

IU Policy framework was complied with, or valid reasons were provided for areas of non-

compliance.

All pertinent matters for the attention of subsequent reviews have been noted.

Refer to Appendix K for the Reviewer’s Checklist.

9. MONITORING ENGAGEMENTS

The Comptroller General may direct a government entity to conduct an internal investigation to address concerns or allegations of financial improprieties and/or irregularities. The IU’s responsibility is to monitor the government entity’s investigation, which involves, as warranted:

updating the Comptroller General on the progress of the investigation;

providing advice and guidance to the responsible government entity or stakeholder; and

examining evidence.

At the conclusion of the government entity’s investigation, the IU will assess the actions taken to address the concerns and/or allegations. To perform the assessment, the government entity provides the following information to the IU:

a brief describe of the incident (how/what/when/why/where);

a description of the steps taken to recover any loss;


18

an account of action or discipline taken with respect to any loss; and

descriptions of the safeguards and internal controls that have been implemented or

planned to prevent, reduce, and detect similar incidents in the future.

The IU file closure process involves preparing a briefing note to the Comptroller General that outlines the incident, the IU conclusion on the government entity’s management of the incident, and a description of actions taken, and any follow-up required.

10. INFORMATION MANAGEMENT – ELECTRONIC AND PHYSICAL

The IU manages and maintains electronic and hard copy documents. The IU must take steps to protect and secure sensitive and personal information received, managed and disclosed to stakeholders in compliance with government policy and best practices, as outlined in the sections below.

10.1. LAN Drive

The IU has a dedicated secured LAN drive to store electronic records. The Executive Director, Investigation and Forensic approves team members’ or other individuals’ access to the secured LAN drive, on an ‘as is needed basis’ only. Once an individual no longer warrants access, their privileges are revoked.

The IS Systems Administrator, Office of the Comptroller General is responsible for oversight of the secured drive. This involves granting and revoking access privileges as directed by the Executive Director, Investigation and Forensic.

Periodically the system access listing is reviewed by the Executive Director, Investigation and Forensic to ensure that access privileges are accurate and up-to-date.

10.2. Transferring of Information in Transit

IU has email encryption capabilities; however, the encryption tool is not widely spread across government. Hence, IU staff are to limit the sharing of personal and sensitive information through unencrypted email communications. When sharing of personal and sensitive information through unencrypted email communications, password protected Microsoft Word or Excel files must be used.

The IU has developed a disclosure statement that team members are to include in all email communications. Refer to Appendix M Disclaimer Statement.

The IU most commonly uses a SharePoint site to transfer sensitive and personal sensitive information to government entities and third parties.

IU staff are not permitted to use portable media devices (USB memory sticks, portable hard drive, CDs & DVDs) for transferring or storing of electronic materials.

10.3. Emails in Storage

The retention of emails to reduce the risk of loss and for use as a repository for evidence may be appealing; however this practice puts the emails at risk. IU staff are not permitted to use Outlook for the purpose of archiving emails. Emails that are deemed permanent record or relevant to an investigation are to be timeously stored in the relevant investigation folder on the IU drive.


19

To mitigate the risk of a breach involving emails in storage, the following processes must be performed:

When information is received via attachments to emails, the attachments and email are

to be transferred to the IU’s secure LAN Drive in a timely manner.

At the conclusion of a engagement:

o all relevant emails must be printed off and compiled in the working paper file;

o all relevant emails must be transferred into the project folder on the IU’s secure

LAN drive; and

o transitory emails are to be deleted.

Every month team members are to review their email stores and purge the transitory and

non-essential emails. Prior to commencing with the email purge, team members have

the option of creating a back-up PST file for storage on the IU’s secure drive to mitigate

the deletion of essential emails. The back-up must subsequently be deleted within one

month of its creation date.

10.4. Physical Documents and Evidence

10.4.1. Chain of Custody

Chain of custody refers to the chronological tracking of the collection, receipt, custody, control, and transfer of documents and records. Investigators are responsible for maintaining a continuous record of the custody of documents and have forms signed off when possession changes.

Investigators are to safeguard evidence in their custody, which involves ensuring the security of the information by preserving:

Confidentiality: information is only accessible to authorized individual and only used for

specified purposes

Integrity: ensuring that the accuracy and completeness of the information is maintained

Availability: ensuring authorized users have access to the information as needed

The IU requirements for evidence chain of custody practices are in accordance in accordance with investigation standards. For details, refer to Appendix A Evidence and Chain of Custody Standards.

The Chain of Custody Form (see Appendix N) must be used for all chain of custody transfers.

10.4.2. Physical Files

To ensure that sensitive and confidential information is not left unprotected in public workspaces, the IU promotes and enforces a clear desk policy. Clear desk policy refers to practices that ensure the safety of information when a workstation is left unattended for a short period of time or at the end of the day.

Files involving ongoing investigations that are located within the Office of the Comptroller General are to be secured at the end of each day. This involves securing the IU’s general office space and/or storing the files in a locked at cabinet at the end of each business day.


20

Physical records received by the IU are to be scanned into electronic format and stored in the IU LAN drive. The physical records are to be maintained for inclusion in working paper files. Subsequent to the compilation of the working paper files, the information may be disposed once it has been determined that it is sufficient to only maintain an electronic copy of the information.

To mitigate the loss of physical records, every six months the IU will access the project files stored within the Office of the Comptroller General to determine which files can be off-sited. Removal of physical records to offsite locations must follow government requirements to ensure they are appropriately secured. The OCG’s Division Records Coordinator can assist with the off-siting of physical files.

The IU working paper files retention life cycle is 10 years subsequent to complete closure of the file. The unit’s correspondence files are classified as full retention.

Refer to the government’s Records Information Management Manual: http://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/government-records.

10.5. Records Management Process

IU working paper files have a document retention classification of OCGE-33300-30, which identifies a document retention schedule of 10 years. At the end of the retention schedule the working paper files are eligible for disposal. Assigning of Supersedes Obsolete Date (SO Date) to a file identifies the date that the project file’s retention period commences.

Working paper files must be assigned a SO Date that correspondence to the fiscal year-end date in the year the SO Date is assigned. For example on August 31, 2016 it is decided that a file is to be assigned a SO date; the SO Date assigned is to be March 31, 2017, which makes it eligible for disposal subsequent to March 31, 2027.

Annually the IU will assess working paper files that are one calendar year away from the end of their retention schedule to determine if the project files are to be scanned and filed in TRIM. All IU project files must be approved for disposal at the end of their retention period in compliance with government policy.

IU Correspondence files a document retention classification of OCGE-33300-20, which identifies document retention for perpetuity.

10.6. Email Search Software - Nuix

The IU has a dedicated computer that contains the software package Nuix that is a digital forensic investigation software that enables investigators to collect, process, analyze, review and report on vast amounts of digital data. The IU uses Nuix for the purpose of performing key word searches on individual’s emails stores and LAN drives to gather relevant information.

The Nuix computer is not connected to government’s network (e.g. standalone computer). Therefore, to perform the Nuix key word searches the electronic data is temporary stored on bit encrypted external hard drives and are permitted to remain on the hard drives during the investigative proceedings. When the hard drives are not in use they must be stored in a secure location (e.g. locked cabinet in secure government office). A data catalogue of all information temporary stored on the hard drive must be maintained.

At the conclusion of the investigation the data stores are to be removed from the external hard drives and stored on protected government network drives for the retention period in compliance with government records management policy.

http://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/government-records

http://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/government-records


21

11. INFORMATION PROTECTION

Information involving IU proceedings are only to be disseminated on a need to know basis; specifically to team members and stakeholders that are to rely on the information for decision purposes.

IU staff and contractors must ensure that sensitive information is protected from accidental viewing by any non-IU personnel passing through their workspaces. To safeguard sensitive and critical information team members are to comply with clean desk and clear screen policy as per below:

Team members are required to ensure that all sensitive/confidential information in

hardcopy or electronic form is secure in their work area at the end of the business day

and when they are expected to be gone from their workstation for an extended period.

Any sensitive or personal information must be removed from the desk and locked in a

drawer when the desk is unoccupied and at the end of the workday.

File cabinets or overhead bins containing project files or information must be kept closed

and locked when not in use or when not attended.

Keys used for access to storage device for physical documents must not be left at an

unattended desk.

Sensitive documents are to be disposed of in the official shred bins located throughout

the office space.

Passwords are to be properly secured and must not be left written down in an accessible

location.

Dissemination of information can be through verbal communications. To mitigate the risk of being overheard by parties that are not to be privy to IU proceedings, team members are to ensure that the discussions are only to occur in secure locations.

Team members receiving requests for information from parties interested in investigative proceedings (current and closed projects) are to refer the requests to the Executive Director, Investigation and Forensic. The requestors may include the person(s) under investigation, the whistleblower, the media (refer to below for more details) or other non-stakeholders. The Executive Director will advise the party of the appropriate process to request information, which involves submitting a Freedom of Information and Protection of Privacy Act request.

If IU team members receive a request for a comment or information from a member of the media, the team member must limit their response to advising the requestor to contact the province’s Government Communications & Public Engagement (GCPE) Branch. Specifically, to contact the Ministry of Finance’s GCPE representative as listed (refer to https://news.gov.bc.ca/files/Media_Contacts.pdf). The team member is to document the request and advise their direct report of the request in a timely manner.

12. WORKING OUTSIDE OF THE WORKPLACE

12.1. Remote Access

IU staff may be granted permission by Executive Director, Investigation and Forensic to remotely access the Shared Provincial Access Network for BC (government network or

http://www.bclaws.ca/civix/document/id/consol26/consol26/96165_00


22

SPAN/BC) from personal or non-government computers. Through the Virtual Private Network (VPN) a secure remote desktop connection is established with the government networks.

When using VPN, IU staff are to comply with government security policies involving personal internet activity. IU staff are to be aware that it is very important that the VPN session be disconnected at the completion of government business. For instructions on the operations of VPN, refer to the Remote Access User Guide.

Prior to approval of remote access employees are required to complete a Home Technology Assessment.

When working remotely IU staff are not to download or store sensitive or confidential information to a non-government computer. In addition, IU staff must not print sensitive or confidential information using a non-government computer.

IU staff may gain access to their government emails from any computer through Microsoft Exchange - Outlook Web Access.

12.2. Paper Based Documents

To reduce the risk of unauthorized disclosure or loss when working remotely, IU staff are encouraged to access the government network for work information rather than taking paper based documents or electronic storage devices containing sensitive information from the workplace. When there is a need to take paper based documents from the workplace IU staff are to:

Obtain permission from the IU’s Executive Director or Director.

Limit the paper based documents and the information stored on the electronic storage

devices to what is necessary for the specific tasks to be performed from the remote site.

Keep control and properly safeguard the paper-based documents.

Ensure that sensitive or confidential information cannot be viewed by third parties.

Return all paper based physical documents to the office for retention or disposal.

Alternatively, if IU staff are working in another government office, the paper based

documents may be disposed of in locked disposal bins provided there.

13. TECHNOLOGY RECOVERY STRATEGIES

The Office of the Chief Information Office is responsible for the technology business continuity recovery strategies for all of government. IU staff are to follow the direction of the OCIO in the event of a business disruption.

14. RELIANCE ON WORK OF OTHERS

IU team members conducting a fraud investigation must have adequate skill in the areas they are examining. In instances where the IU team does not have enough knowledge, expertise or competence, those desired skills must be sought from another government investigation unit, government program area or the private sector. When relying on the work of others, an assessment of their work/information must be performed per IFA Standards.

https://ssbc-client.gov.bc.ca/services/RemoteAccess/RemoteAccessUserGuide.pdf

https://summer.gov.bc.ca/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=5

https://summer.gov.bc.ca/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=5


23

Likewise, when an investigation has been outsourced, either in its entirety or piecemeal, an assessment of their work/information must be performed per IFA Standards. For details, refer to Appendix A Reliance on the Work of Others Standards.

14.1. Procurement of Service Contractors

When an IU investigation requires the use of a contractor, the selection must comply with CPPM 6.0. This is to ensure that the selection is based on the principles of fair and open public sector procurement, competition, demand aggregation, value for money, transparency and accountability.

A list of prequalified contractors is available to assist with investigation activities. The list has been developed in accordance with CPPM 6.3.2.a.13. The list includes a wide range of contractors offering a broad range of specialized service that potentially may be required during an investigation. BC Bid Resources provides guidance on establishing prequalification lists.

Contractor selection from the prequalification list must comply with CPPM 6.3.2.a.14; .15; and .17. BC Bid Resources provides guidance on using prequalification lists.

When selecting a contractor from a prequalification list the scope of the activity needs to be clearly articulated and the contractor skills matched to the activity. When detailing the scope of activity, IU staff must ensure it is broad enough to cover areas not originally contemplated, but could be required once an investigation is underway.

If the scope of activity not be covered by the prequalification list, a separate solicitation must be conducted in accordance with CPPM 6.0. The solicitation document must clearly articulate the scope of the investigation, any applicable standards and the evaluation criteria.

When identifying the cost of an investigative engagement performed by a contractor, actions are to be taken to ensure that the pricing structure adequately reflects the true value of the scope of work. This requires careful planning and consideration of the potential breadth of the investigation scope.

Contractors are required to provide a written declaration that there is not a potential, actual, or perceived conflict of interest between them and the subject matter. Contractors are required to notify the IU of any changes in the circumstances that would result in the contractors being in a conflict of interest.

All contracts must contain only government’s General Service Agreement terms and conditions (see BC Bid Resources). Any changes government’s standard terms and conditions must be approved by Legal Services Branch.

Throughout the procurement process clear documentation is required to justify the procurement decisions and actions undertaken. A business case to support procurement is to be completed and approved. At a minimum the business case is to include financial implications, other available options and why there were rejected, and the potential scope for the investigation activity and risks.

The procurement of a contractor requires the approval of the Comptroller General. The Comptroller General must designate an individual to manage, monitor and regularly report on the procurement and performance of the contractor.

14.2. Exchange of Confidential Information to Third Parties

The IU uses government’s General Service Agreement (GSA) to retain service providers to perform investigative function as warranted. The GSA contains a Privacy Protection Schedule that outlines a contractor’s obligation involving the handling and exchanging of sensitive records

http://www.fin.gov.bc.ca/ocg/fmb/manuals/CPM/06_Procurement.htm

http://www.fin.gov.bc.ca/ocg/fmb/manuals/CPM/06_Procurement.htm

http://www.fin.gov.bc.ca/ocg/fmb/manuals/CPM/06_Procurement.htm#1632a

http://www2.gov.bc.ca/gov/content/governments/services-for-government/bc-bid-resources/how-to-buy-services/procurement-process/pre-award/select-a-solicitation-process-and-template#select_call



http://www2.gov.bc.ca/gov/content/governments/services-for-government/bc-bid-resources/how-to-buy-services/procurement-process/pre-award/select-a-solicitation-process-and-template#select_call


24

and evidence. It will be at the contract manager’s discretion on a case by case basis if further confidentiality agreements are required.

At all times IU staff are to complete a chain of custody form if working papers files or original documents are provided to third parties. The chain of custody document required both parties involved in the exchange complete and sign for the exchange of information. Refer to Appendix N Chain of Custody Form.

If copies of original documents are provided to third parties the IU team members need only to document the nature of the information provided.

15. ASSET MANAGEMENT

The Corporate Operations Branch (COB), Office of the Comptroller General is responsible for the distribution and inventorying of assets used by IU team members. IU team members are responsible for the safeguarding and timely reporting of a loss or damage to assets they have been assigned and entrusted.

Specially, IU staff are to:

report the loss or damage of IU assets to their supervisor and the COB on a timely basis;

and

follow government’s loss incident report policy that may require the completion of a

General Loss Incident Report (GILR). Refer to Chapter L Loss Reporting of CPPM for

more details involving loss incidents.

16. TRAINING AND COMPETENCY

The government supports and enables continuous professional development in the BC Public Service. In response, the IU has prepared a professional development framework and training plan for all IU team members. The framework describes investigation competencies and development opportunities, and also supports staff to actively participate in their own development and growth, and to ensure that the unit has a sound succession path. The framework and plan do not replace any ministry development tools; rather, it builds on those resources to provide professional development opportunities for our staff.

New employees must to complete their BC Public Sector orientation in a reasonable time from starting with the IU.

All staff must keep current in the technological training required to do their job, training activities must align with IU goals and activities, and staff in leadership positions focus on supervisory, management and leadership development learning activities.

IU staff must ensure they have the necessary skills and competency to complete their assigned work.

17. INTERNAL INVESTIGATIONS WORKING GROUP

The Internal Investigations Working Group consists of four specific government investigative units with separate and unique mandates. The objective of the working group is to ensure that respective mandates are met and investigations are coordinated with other members, as appropriate. In addition, the work group collaborates on the development of common investigative standards and processes.

http://www.fin.gov.bc.ca/ocg/fmb/manuals/FAP/FAP_L.htm


25

Members of the working group include:

BC Public Service Agency, Ministry of Finance (PSA) – conducts investigations

regarding employee conduct related to collective agreements, human rights legislation

and other government policy/legislation for both included and excluded employees.

Corporate Information and Records Management Office, Ministry of Finance (CIRMO)

Privacy, Compliance and Training Branch Investigations Unit - coordinates, investigates

and resolves any actual or suspected information incidents, including unauthorized

collection, use, disclosure, access, disposal or storage of government information.

Office of the Chief Information Officer, Ministry of Technology, Innovation and Citizens’

Services Security Investigation and Forensics Unit – coordinates, investigates and

resolves any actual or suspected information technology security and cyber security

incidents and provides evidentiary support and analysis of digital evidence and expert

advice to other investigative units.

Office of the Comptroller General, Ministry of Finance (OCG) Investigation and Forensic

Unit - addresses allegations of fraud or financial improprieties reported to the

Comptroller General.

IU team members actively support and endorse the activities of the working group through the development and implementation of common investigative standards and policies, training activities, and case studies.

18. REPORTING INCIDENTS TO LAW ENFORCEMENT

Reporting of non-emergency incidents under investigation by the IU or contractors requires the approval of the Comptroller General. The Comptroller General must consider seeking legal advice before contacting law enforcement.


26

Appendix A: Professional Standards for Investigations23

Planning Standards

IFA 300.01

The IFA engagement work should be adequately planned.

IFA 300.02

Each IFA engagement is unique; accordingly, the planning for each engagement should be customized and evolve as the engagement progresses, requiring the repeated application of professional judgment: (a) identifying the objectives of the engagement;

(b) obtaining sufficient understanding of the circumstances of the engagement and the

events giving rise to the engagement;

(c) obtaining sufficient understanding of the context within which the engagement is to be

conducted (for example, any Tribunal process, laws, regulations, contracts or policies

relevant to the engagement);

(d) identifying any limitation of scope where access has been denied or information

cannot be obtained or provided; and

(e) evaluating the resources necessary to complete the work, and identifying a suitable engagement team.

IFA 300.03

When planning the extent of the scope of work for a particular IFA engagement, IFA practitioners should consider: (a) developing hypotheses, as applicable, for the purpose of addressing the

circumstances and context of the engagement;

(b) identifying the approaches, procedures and techniques that will allow the practitioners

to meet the engagement objectives within the constraints of time, cost and availability

of information;

(c) identifying financial and other information relevant to the engagement, and developing

a strategy to acquire such information; and

(d) determining the impact of the nature and timing of any reporting requirements.

ACFE Section IV

A.2. Certified Fraud Examiners shall establish predication and scope priorities at the outset of a fraud examination and continuously re-evaluate them as the examination proceeds. CFEs shall strive for efficiency in their examination.

2 For the complete Standard Practices for IFA Engagements, refer to

https://www.cpacanada.ca/en/business-and-accounting-resources/other-general-business-topics/forensic-and-investigative-accounting/publications/standard-practices-investigative-forensic-accounting-engagements. 3 For the complete CFE Code of Professional Standards, Interpretation and Guidance refer to

https://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/Guidance-Professional-Standards.pdf.

https://www.cpacanada.ca/en/business-and-accounting-resources/other-general-business-topics/forensic-and-investigative-accounting/publications/standard-practices-investigative-forensic-accounting-engagements



https://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/Guidance-Professional-Standards.pdf

https://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/Guidance-Professional-Standards.pdf


27

Appendix A cont.

Information Collection and Analysis Standards

IFA 400.01

IFA practitioners should use an investigative mindset in the identification, pursuit, analysis and evaluation of information relevant to each IFA engagement, contemplating that it may be biased, false, unreliable and/or incomplete.

IFA 400.02

Throughout an IFA engagement, IFA practitioners should use an investigative mindset to assess the timing, nature and extent of the approaches, procedures and techniques to be used.

IFA 400.03

The type of information obtained may relate to the facts pertaining to the underlying issues of the IFA engagement as well as factors relating to motivation, intent and bias.

IFA 400.04

IFA practitioners should consider the relevance of all information that arises during the course of an IFA engagement.

IFA 400.05

IFA practitioners should identify, analyze, assess and compare all relevant information, assess substance over form, and develop and test, as needed, hypotheses for the purpose of evaluating the issues in the IFA engagement.

IFA 400.08

Where practical, IFA practitioners should maintain copies of all documents and other materials relevant to their findings and conclusions.

IFA 400.09

IFA practitioners should maintain an appropriate record of all relevant information received orally.

ACFE Section IV

A.1. Fraud examinations shall be conducted in a legal, professional and thorough manner. The Certified Fraud Examiner’s objective shall be to obtain evidence and information that is complete, reliable and relevant.

A.3. Certified Fraud Examiners shall be alert to the possibility of conjecture, unsubstantiated opinion and bias of witnesses and others.

File Documentation Standards

IFA 500.02

The form and content of individual working papers are affected by matters such as the terms of the IFA engagement, including the nature of the report required, the nature and complexity of the subject business, and the needs in the particular circumstances for supervision and review of the work performed by any assistants.

IFA 500.04

Working papers should be maintained in an organized manner.


28

Appendix A cont.

ACFE Section IV

B.2 Certified Fraud Examiners’ work product may vary with the circumstances of each fraud examination. The extent of documentation shall be subject to the needs and objectives of the client or employer.

Evidence and Chain of Custody Standards

IFA 400.06

IFA practitioners should be cognizant of and, where appropriate, maintain the chain of custody, including origin, possession and disposition of all documents and other material, particularly originals, relevant to an IFA engagement.

IFA 400.07

IFA practitioners should establish appropriate control and management procedures to safeguard the confidentiality, integrity and preservation of all documents and other material that come into their possession or are created during the course of an IFA engagement.

ACFE Section IV

B.1. Certified Fraud Examiners shall endeavor to establish effective control and management procedures for documents, data and other evidence obtained during the course of a fraud examination. CFEs shall be cognizant of the chain of custody including origin, possession and disposition of relevant evidence and material. CFEs shall strive to preserve the integrity of relevant evidence and material.

Reporting Standards

IFA 600.03

IFA practitioners should be cognizant of and, where appropriate, maintain the chain of custody, including origin, possession and disposition of all documents and other material, particularly originals, relevant to an IFA engagement.

IFA 600.04

Prior to the issuance of the report, IFA practitioners should be satisfied that there is sufficient support for the content of the report, including any findings and conclusions reached.

IFA 400.05

IFA practitioners should present their findings and conclusions in an objective and unbiased manner.

IFA 400.06

IFA practitioners should confine their findings and conclusions to subject matter, principles and methodologies within their competence, including their knowledge, skill, experience, training and education.

ACFE Section V

B.2 No opinion shall be expressed regarding the legal guilt or innocence of any person or party.


29

Appendix A cont. Reliance on the Work of Others Standards

IFA 400.14

During an IFA engagement, IFA practitioners may rely on persons or firms possessing expertise relevant to the IFA engagement.

IFA 400.15

IFA practitioners should evaluate the nature and level of intended reliance on the work and/or information of others. If this evaluation identifies inadequacies or a high level of risk, IFA practitioners should perform additional procedures to address or resolve such factors. If IFA practitioners are not satisfied with regard to these factors, they should either not rely on the work of the individual(s) concerned or disclose their concerns.

IFA 400.16

There should be an appropriate understanding between IFA practitioners and others on whom they are relying concerning their respective roles and responsibilities relating to the IFA engagement. IFA practitioners and these others should communicate sufficiently to minimize misunderstandings that could cause practitioners to misinterpret the work and/or information of others.


30

Appendix B: Case Tracking System

Issue Tracking Criteria and Sub Criteria

1. Case #

2. Date received

3. Case Name

4. Client Liaison

5. Ministry / Crown

6. Received by:

Email

GILR

In person

Letter

Phone

unknown

7. Project Number

8. Date of Incident

9. Type of Incident

Advisory

Conflict of Interest

Corp Card Misuse

Embezzlement / theft

Fraud by Public

Governance

Other

10. Status

Status is auto populated per the “action” field, refer to below for categories

11. Action (x3)

advisory only

cancelled

completed

completed - NTF

fieldwork

file compilation

logged

monitoring

no Action Taken

planning

preliminary

reported

reporting


31

Appendix B cont.

12. Date (x 3)

13. Note (x 3)

14. Report Year

15. Month

16. Comments

17. Completed / Finalized


32

Appendix C: Administrative Fairness Evaluation Tool

The Comptroller General’s Administrative Fairness Evaluation Tool is a self-assessment of each phase of the investigative process against the five administrative fairness principles. The results of the assessment provide documentary evidence that the principles of administrative fairness are applied throughout each investigation. Background Information

IU team members (staff and contractors) are required to follow the principles of administrative fairness while conducting an investigation. The Comptroller General has identified five principles (see figure below) to safeguard administrative fairness and support sound investigative practice.

The Comptroller General’s Administrative Fairness Evaluation Tool is a self-evaluation of each phase of the investigative process against the five administrative fairness principles. The results of the evaluation provide documentary evidence that the principles of administrative fairness where applied throughout each investigative process.

Further information on administrative fairness and the investigative process can be found in chapter 6 of the Comptroller General’s Investigation Manual.

Instructions

Answer each evaluation criteria and provide supporting comments or references as appropriate. The Comptroller General must approve the evaluation before the results of the investigation are reported out. Include the approved evaluation in the investigation working paper file.

Administrative fairness

Inform affected

stakeholders

Provide opportunity to

explain

Assess with objectivity

and without bias

Respect persons and

justice

Timely and evidence-

based decisions


33

Evaluation criteria Yes/No

/NA Comments

Allegations Reported to Comptroller General

1. Upon receiving allegations of financial impropriety, has the Comptroller General:

1.1. contacted the complainant for the purpose of obtaining a sufficient understanding of the concerns and the relevant circumstances?

1.2. considered if the allegations were reasonably credible? (e.g. contained inconsistencies, vexatious, plausibility, etc.)

1.3. considered if the allegations were within the Comptroller General’s mandate, or should be referred to another organisation or official?

1.4. Identified a respondent ministry and ministry decision-maker?

2. Has the respondent ministry and ministry decision-maker been:

2.1. informed in a timely manner that allegations of financial impropriety had been received by the Comptroller General?

2.2. advised of the Comptroller General’s investigative process?

2.3. advised that dissemination of the allegations is limited to a need to know basis?

Ministry Information Package

3. Are all individuals or organisations that are assigned to gather and prepare the information package for the Comptroller General:

3.1. free of any conflict of interest with the subject matter?

3.2. have adequate skills and experience to perform their assignment?

3.3. advised of the need for confidentiality throughout the process?

3.4. advised to perform their assignment in an objective and unbiased way, and remain respectful at all times?

4. At the discretion of the Comptroller General, has a terms of reference defining the purpose, scope, approach, responsibilities, deliverables, timeline and confidentiality of the task prepared and approved by a ministry decision-maker and the Comptroller General?

5. Has the ministry decision-maker provided the information in a timely, complete and organised way?

Preliminary Assessment of Ministry Information Package


34


/NA Comments

6. Has the preliminary assessment been performed by individuals (and/or organisations) that are:



7. Has an objective and unbiased assessment of each allegation been performed for the purpose determining if an investigation is appropriate?

8. Has all relevant information, specifically both exculpatory and inculpatory evidence been considered throughout the preliminary assessment phase?

9. Is the assessment free of any scope limitations, or any other matters, that might have impeded an objective and unbiased assessment of each allegation?

Decision to Investigate

10. Is the Comptroller General’s decision to proceed, or not to proceed with an investigation, supportable with the evidence gathered?

11. Was the investigative course reasonable and adequate given the assessed severity of the allegations?

12. Is there a realistic probability that an investigation would achieve results, and in a timely manner?

13. Has the Comptroller General considered if legal or other specialist advice might be sought related to the determined course of action?

14. Has a ministry decision-maker been advised of the preliminary assessment, and been given the opportunity to respond?

15. Have the decision-makers and stakeholders adversely impacted by the loss incident (e.g. victim program area) been appropriately contacted as a result of the determined course of action?

Plan and Prioritize Investigation

16. Has an evaluation been completed to determine the priority of the investigation relative to other investigations and/or government resource limitations?

17. If the investigation cannot be completed in a timely manner, have the reasons being documented and communicated to stakeholders as appropriate?

Investigation Method

18. Has an evaluation been completed to assist in determining the sourcing of the investigation?


35


/NA Comments

19. Have the decision-makers and stakeholders adversely impacted by the loss incident (e.g. victim program area) been appropriately contacted as a result of the determined course of action?

Investigation Phases

Planning

20. Are all individuals or organisations that are assigned to the investigation team:



20.3. advised of the need for confidentiality throughout the process?

20.4. advised to perform their assignment in an objective and unbiased way, and remain respectful at all times?

21. At the discretion of the Comptroller General, has a terms of reference defining the purpose, scope, approach, responsibilities, deliverables, timeline and confidentiality of the task prepared and approved by a ministry decision-maker and the Comptroller General?

22. Is there evidence on file that the Comptroller General reviewed the investigation plan to ensure its scope is appropriate, and within jurisdiction, and can be adequately resourced as set out in the plan?

Fieldwork

23. Has all information gathered during the engagement been assessed for relevance; specifically was inculpatory and exculpatory evidence reviewed and assessed?

24. Have all revisions to the investigation plan been approved by the Comptroller General prior to the investigation team taking action?

25. Have both the Comptroller General and respondent ministry been provided with regular and timely progress reports throughout fieldwork phase?

26. Have all witnesses or persons of interest identified during the engagement been interviewed? If not, was the rationale for not interviewing specific witnesses documented?

27. Have all persons of interest been appropriately informed why they are requested to attend an interview, their rights to representation during the interview, and presented with relevant information and given adequate opportunity to respond to the


36


/NA Comments

information?

28. Has the investigation team reviewed, objectively and without bias, all evidence that the persons of interest disclosed during and subsequent to the interview?

29. Has a ministry decision-maker been advised of outcome of the investigation fieldwork, and been given the opportunity to respond?

Reporting

30. Prior to the issuance of the Comptroller General’s investigation report, is the investigation team satisfied that sufficient evidence has been gathered to support the content of the report?

31. Are the report contents within the scope of the approved investigation plan, and approved terms of reference agreed with the ministry decision-maker?

32. Has a legal or other specialist review been performed on the report to ensure the report contents is within the mandate of the Comptroller General, and the report contents is not contrary to any laws or regulations?

33. Has a quality assurance review been performed on the report prior to it being finalized?

34. Has the Comptroller General approve distribution lists for the final report?

35. Has a ministry decision-maker been provided with a copy of the report, and given the opportunity to respond?

36. Does the report meet the reporting requirements of the Standard Practices for Investigative and Forensic Accounting Engagements?

37. Does the report contain information that if it was released without authorisation might cause harm to persons or property?

38. Upon receiving a copy of the report, have report recipients been advised that the report remains the property of the Comptroller General and the report must not be distributed without the Comptroller General’s approval?

General Administration

39. Have any conflicts of interest been declared by the investigation team, or any other circumstances been identified that could actually, or perceived to be, put the investigation team at risk of compromising it’s objectively and conduct without bias?

40. Have the investigation team conducted themselves


37


/NA Comments

such that the confidentiality and integrity of the investigative process is not compromised?

41. Has the government receive any complaints or concerns involving the investigative process; specifically, complaints that the investigation team showed a lack of respect and justice to information providers, witnesses, or the person of interest?

42. Are there any other actual or perceived events or circumstances that might cause impacted parties or stakeholders to believe the principles of administrative fairness were not applied throughout the investigative process?

The results of this evaluation provide evidence that the Comptroller General’s principles of administrative fairness were applied throughout the investigative process.

Name Signature Date

Prepared by:

Reviewed by:

Approved by Comptroller General:


38

Appendix D: IU Investigative Process Diagram

Investigation and Forensic Unit (IU) investigative process upon the receipt of an allegation/complaint.

ALLEGATION REPORTED TO COMPTROLLER GENERAL

MINISTRY PREPARES INFORMATION PACKAGE

INVESTIGATE

IU CONDUCTS PRELIMINARY ASSESSMENT

PLAN AND PRIORITIZE

METHOD

MINISTRY INVESTIGATES

OR OUTSOURCESIU INVESTIGATES

OUTSOURCEIU OVERSIGHT

60-90 DAY MILESTONE

60-90 DAY MILESTONE

CONTINUE CONTINUE

INFORMATION TO COMPTROLLER GENERAL

FOR DECISION

DOCUMENT RATIONALENO NO

DRAFT REPORT

FINALIZE REPORT

QA REPORT

YES

QA/ASSESSADEQUATE

NOTE TO FILE

YES

YES

NO

DOCUMENT RATIONALE NO

YES

INVESTIGATE MONITOR


39

Appendix E: Standard on Investigative Tiers

Standard on Investigative Tiers Date: May 29, 2017

Purpose

The purpose of this standard is to outline a hierarchy, or tiers, of incidents that are common across government’s internally focused investigative units (IUs).

Scope

This standard applies to the IUs of the BC Public Service Agency (BC PSA), the Office of the Comptroller General (OCG), the Privacy, Compliance and Training Branch (PCT), and the Office of the Chief Information Officer (OCIO).

Investigative Tiers

Tiers are intended to build upon each other, such that a 2 includes those considerations described for Tier1 incidents, plus the content listed in Tier 2, etc. As such, 1 is the lowest tier and involves the most minor incidents, whereas Tier 5 is at the highest end of the spectrum.

Common Investigative Tiers are as follows:

Tier Description PCT PSA OCG OCIO

1 Minor incidents which require follow up.

Common considerations:

Responsible IU not conducting a formal investigation

IUs engaged to provide advice/support and oversight to ministry as necessary to ensure appropriate outcome

Minimal/negligible potential for harm to government o Regarding privacy, low potential for notification to impacted party(s)

Minor incidents, typically closed quickly

2 Response to incidents involving a low potential for harm, financial loss or penalties to involved individuals or the Province.


Responsible IU not conducting a formal investigation

IUs engaged to provide advice/support and oversight as necessary to ensure appropriate outcome

Some legal interpretation may be required

Singular focus (e.g. conduct or financial or privacy/informational)

Single-ministry/program area

PCT investigator assigned to provide incident response guidance to ministry responsible. Considerations:

Moderately complex administrative incidents

Notification may be warranted

Ministry Investigation in consultation with PSA HR Advisor. Considerations:

Breaches of policies or procedures (i.e. repeated tardiness, offensive language, insubordinatio

OCG investigator assigned to provide incident response guidance to ministry responsible. Considerations:

Minor, non-wilful breaches of financial policies or procedures or financial loss

OCIO investigator assigned to provide incident response guidance to ministry or organization responsible.


40


n, misuse of govt property

3 IU led investigations into incidents involving a moderate potential for harm, financial loss or penalties to involved individuals or the Province.


Potential jeopardy to involved individuals (e.g. criminal, regulatory and/or administrative)

Situation calls for formal actions/outcomes for individuals and/or ministries

Multi-faceted (e.g. conduct and/or financial and/or privacy/informational) investigations

Multi-ministry/agency investigations

Investigations likely involving formal investigative interviews

Investigation led by PCT with ministry/other co-investigator as appropriate Considerations:

Files involving the exposure of sensitive confidential or personal information

Concerns regarding wilful inappropriate access/disclosure

Complaints

Investigation led by BC PSA with ministry/other co-investigator as appropriate Considerations:

Possible breaches of policies or procedures (i.e. bullying, harassment, misuse of supervisory authority, significant misuse of govt property, privacy breaches, serious allegations of theft, criminal investigations)

Investigation led by OCG with ministry/other co-investigator as appropriate Considerations:

Minor instances of financial impropriety, financial loss, or fraud

Risk of financial loss isolated

Investigations led by OCIO with ministry/other co-investigator as appropriate Considerations:

Situations where an employee may be intentionally engaging in the inappropriate use of a government system or computer (separate from an information incident)

4 IU led investigations into incidents involving major, complex, and/or high profile incidents.


Significant potential jeopardy to involved individuals (e.g. criminal, regulatory and/or administrative)

May impact public confidence in ministry/ government

PCT led investigation Considerations:

Major, complex, and/or high-profile information incidents

Involve extremely confidential government information or potential for serious harm

Impact a large number of individuals or involve significant

BC PSA led investigation Considerations:

Major, complex and/or high profile breaches of policies or procedures

Outcome may be termination

OCG led investigation Considerations:

Major, complex, and/or high-profile financial impropriety, financial loss, or fraud instances

Significant risk of systematic financial loss

OCIO Considerations:

Major, complex and/or high profile incidents that affect critical IT infrastructure (e.g. cyberattack, malicious IT security breach).

Supports T4 investigations led by OCG, PSA, and/or PCT.


41


systemic issues

5 Situations to be investigated or led by an external party due to potential conflict of interest, IU capacity, or other reasons.

Responsible central agency and/or appropriate decision-maker selects an external party to investigate or lead an investigation. An appropriate accountability/ governance structure needs to be established. Considerations:

Situations where an IU or IU executive is conflicted.

Situations where public could perceive a conflict of interest if government investigates itself.

Instances where the scale and/or complexity of the incident is beyond the capacity of the IU.

Reviews of an investigation, including reviews of IU practices (i.e. there is a complaint about how an investigation was handled).

Situations of such sensitivity where involved persons may not be willing to speak to a government investigator.


42

Appendix F: Preliminary Assessment Tool

Decision:

Document the recommended course of action

Issue: Document concerns, what, who, where and how, and why is it a problem

insert comments

Financial Impropriety: Within IU mandate – financial impropriety, conflict of interest

insert comments

Informant Credibility: Consider if the allegations/concerns are defined or a vague suggestion

insert comments

Magnitude: The potential scope, scale, size or value of the likely impact

insert comments

Significance: Measure of potential impact: non-compliance, legal ramifications, taxpayer perception

insert comments

Evidence: What additional evidence can be gathered in the ministry’s information package preparation stage

insert comments

Scope Limitation: Consider potential scope limitations, evidence availability, CG authority, co-operation

insert comments

Rank / Recommendation: Priority 1 – High, Priority 2 – Medium (proceed), Priority 3 - Low (proceed once resources are available) Hold = wait for information PL – parking lot, may be invoked through related analysis or processes

insert rank

Name Signature Date

Prepared by:

Reviewed by:



43

Appendix G: Engagement Method Guide

Purpose: To document measures to consider in determining the investigation method to proceed with, specifically:

IU conducts the investigation;

the investigation is outsourced with IU overseeing the engagement; or

IU’s monitors an internal investigation, which involves resources internal to the government entity or outsourced resources conducting the investigation.

This document is to be completed subsequent to the completion a preliminary assessment, which concludes a full investigation is warranted.

Actions Taken and Rational

Identify which of the three methods available (refer to purpose) was selected.

Comments:

Support for method selected and rationale:

Provide a brief rational for the decision. When providing comment an assessment of likelihood (unlikely, possible, likely and certain) and risk (low, medium and high) is acceptable.

Comments:

Pervasiveness of the concern(s)/allegation(s)

Document if the concern(s)/allegation(s) identify:

a single employee, individual or entity external to government

multiple employees, individuals or entities external to government

a single government entity

multiple government entities

If there are multiple entities in the allegations, determine if the entities involve:

only government employees;

only individuals or businesses external to government; or

employees, and individuals or businesses external to government.

In addition, comment on potential relationships involving the individuals/entities named in the allegations or concerns.

Comments:

Nature of the concern(s) or allegation(s)

Document/comment on the issue or nature of the all the complaint’s concerns/allegations to be investigated; e.g. petty cash loss, conflict of interest, etc.


44

Comments:

Consider if the concern(s) falls within the mandate of another government investigation unit. If so, advise the relevant investigation unit of the concerns, as applicable.

Comment:

Document when and where the loss incident took place.

Comments:

Severity and Complexity

Comment on the severity and complexity of the allegation(s). Specifically, the allegation(s) potentially involves violation of:

financial policy;

financial procedures;

contractual terms;

the government’s standard of conduct (PSA);

government’s privacy policy (PCTB);

government’s security policy (ISB); and/or

Canadian laws.

Comments:

Consider and comment on significance of actual and potential losses.

Comments:

Document any risks/concerns involving confidentiality (e.g. risk associated with outsourcing).

Comments:

Comment on risks associated with political sensitivity or adverse publicity involving the concern(s)/allegation(s).

Comments:


45

Comment on the potential risks and/or likelihood involving a lack of co-operation that may impeded the investigation.

Comments:

Assess the potential complexity of the investigation taking into consideration, but not limited to, the following elements:

scope (including potential scope limitations)

volume of potential interviewees

risk of collusion of witnesses

the employment position of the person’s named in the concern(s)

the volume of concerns

information required to be gathered

methodology for gathering evidence (e.g. interviews, computer forensics)

skill level required to address the concern(s)

type of analysis required to be performed

government entity’s objectives

Comments:

Resources requirements and availability

Describe the nature of resources required including, but not limited to legal counsel, policy specialists, labor relation specialists, computer forensic specialists, and/or a government entity representative(s).

Comments:

Assess IU’s available resources and the current workload at the point in time the preliminary assessment was completed.

Comments:

Estimate the size of the investigation team that is required for timely completion of the investigation.

Comments:


46

Time Sensitivity

Consider the timeliness of actions to be taken to limit potential losses that may include anticipated delays in a contractor responding to the concerns.

Comments:

Document the risks involving potential destruction or tampering of evidence resulting from potential delays responding to the concern(s)/allegations(s) in a timely manner.

Comments:

Costs

Prepare a cost comparison involving the various options, if warranted.

Comments:

Determine if the preparation of a cost/benefit analysis and/or budget is warranted.

Comments:

Consider where the incident took place and whether a contractor has a presence in the relevant location.

Comments:

Other items to consider

Determine which person/entity should be responsible for overall management/oversight of the engagement.

Comments:


47

Name Signature Date

Prepared by:

Reviewed by:



48

Appendix H: Executive Accountabilities in Tier 4 and 5 Investigations

Executive Accountabilities in Tier 4 and 5 Investigations Date: May 15, 2017

Purpose

The purpose of this standard is to outline the accountabilities of executive in Tier 4 and 5 investigations4.

Scope

This standard applies to the investigative units (IUs) of the BC Public Service Agency (BC PSA), the Office of the Comptroller General (OCG), the Privacy, Compliance and Training Branch (PCT), and the Office of the Chief Information Officer (OCIO).

Investigative process

The investigative process has been broken down into phases, which are separated by a waypoint or milestone.

Investigation

concluded

P1: Preliminary Assessment P2: Evidence Gathering P3: Investigative Interviews. analysis

Go/no go

decision

Go/no go for conducting

formal interviews

ObjectivesAssess credibility of issue, whether

within IU jurisdiction, whether

evidence is available to warrant

investigate

Gather and assess evidence per investigation

plan, establish whether grounds exist to move

forward with interviews

ReportingA B C

Conduct interviews according to plan, gather

additional evidence as needed, assess evidence,

develop final report, undergo QA, and

validate as appropriate

Executive accountabilities

For Tier 4 and 5 investigations, executive members are to be consulted at each waypoint, or milestone, and have the following accountabilities:

Waypoint A B C

Executive or

delegate

accountabilities

Key decision: go/no go for

full investigation.

1. Review ToR, Investigative

Plan

Key decision: go/no

go for investigative

interviews.

1. Receive briefing

and ask questions

Key decision: accept/not

findings of investigation and

report.

1. Review final report (in case

of PCT and OCG)

4 See Standard on Investigative Tiers (Appendix E)for information on what constitutes a Tier 4 or 5

investigation.


49

Waypoint A B C

2. Receive briefing and ask

questions of IU/co-

investigators to understand

situation, plan, and how

fairness will be incorporated

into process

3. Review specialist advice

(e.g. from LSB) as

appropriate

4. Determine whether an

external fairness observer is

needed

5. Approve go/no go for investigation, including sign off on ToR

of IU/co-

investigators to

understand

interview plan, and

how fairness will

be incorporated

into process

2. Review specialist

advice (e.g. from

LSB) as appropriate

3. Approve go/no

go for investigative

interviews

2. Receive briefing and ask

questions of IU/co-investigators

to understand items listed

below and whether fairness

satisfactorily addressed

3. Review specialist advice (e.g.

from LSB) as appropriate

4. Accept report or provide additional direction to IU/co-investigators as appropriate

IU activities to

support

executive

1. Prepare materials for

executive review, including

ToR, Investigative Plan, and

specialist advice

2. Hold executive briefing

1. Prepare

interview plan,

fairness checklist,

and specialist

advice as

appropriate

2. Hold executive briefing

1. Establish findings

2. Key messages for executive

3. Ancillary issues

4. Recommendations (in case of

PCT and OCG, as appropriate –

PSA recommendations are

delivered at a later phase that

does not apply to OCG and PCT)

5. Brief executive

Considerations:

1. “Executive” includes:

a. An executive member (ADM or higher) or delegate for the IU(s) which have jurisdiction over the incident; and

b. A ministry representative (ADM or higher).

2. Where an investigation encounters an ancillary issue (an issue – e.g. of misconduct, a breach,

etc – not contemplated within the original ToR), an executive briefing will be held to determine

whether:

a. The issue should be investigated separately; or b. The scope/ToR should be amended to incorporate the ancillary issue into the

investigation.

3. To ensure appropriate outcomes, each IU is to develop and maintain robust procedures,

including quality assurance mechanisms, and IU Executive Directors/Directors are accountable

for ensuring investigations conducted appropriately.


50

Appendix I: Reporting Checklist

Initials Date

File No. Ministry Preparer

Reviewer

QA

The Investigation and Forensic Unit adheres to the reporting standards listed below. The criteria are based on the Standard Practices for Investigative and Forensic Accounting (IFA) Engagements, as well as, the reporting standards established by the Association of Certified Fraud Examiners (ACFE).

Criteria Y/N/NA Comments

IFA 600.03

Prior to issuance of the report, the investigator is satisfied that there is sufficient support for the content of the report, including any findings and conclusions reached.

ACFE Section V B.1 / IFA 600.05

The report is based on evidence that is sufficient, reliable and relevant to support facts, conclusions, opinions and/or recommendations related to the fraud examination. The report is confined to subject matter, principles and methodologies within the member’s area of knowledge, skill, experience, training or education.

IFA 600.04

The findings and conclusions are presented in an objective and unbiased manner.

ACFE Section V B.2

The report does not express any opinion regarding the legal guilt or innocence of any person or party.

IFA 600.06

The investigator considered all relevant information that could impact the findings and conclusions.

IFA 600.08 All reports should include, where appropriate, the following information:

(a) The name(s) and professional designation(s) of the investigator(s) and/or the firm responsible for the report.

(b) Who retained the investigator and to whom the report is directed.


51


(c) The date of the report.

(d) The effective date for the findings and conclusions, if different from the date of the report.

(e) The objectives and circumstances of the engagement and the purpose for which the report is being prepared.

(f) Identification of the documents and sources of information relied upon to prepare the report.

(g) The extent of reliance on the work of others.

(h) The techniques and procedures performed when preparing the report, including a description of the approach and rationale for selecting such approach.

(i) Any underlying assumptions and the reasons for relying on such assumptions.

(j) The definition(s) of any technical terms and interpretations used in the report.

(k) The findings and conclusions reached and any supporting analyses and charts.

(l) Sufficient information to enable the user to relate the findings and conclusions to the supporting analyses, information and documents.

(m) Any restrictions on the use of the report.

(n) Any scope or other limitations affecting the findings and conclusions.

IFA 600.09 Where the independence of the investigator may reasonably be questioned, the following should be disclosed:

(a) The role of the investigator.

(b) The relationship of the investigator to any of the involved parties.

(c) The investigator’s conclusion regarding whether he/she is independent.

IFA 600.10

Where different approaches adopted yield different results, the report should include the range of such results and where possible, provide information to facilitate a conclusion.

IFA 600.11.

When relevant information is unavailable or relevant analyses are unable to be performed, the limitation(s) on the scope of the work, the reasons for the limitations(s), and the potential impact on the findings and conclusions, and any other qualifications, should be disclosed in


52


the report.

OCG Internal Policies and Procedures

Report includes the OCG report disclaimer: Our report is ‘private and confidential’ and is prepared solely for the Comptroller General, Ministry of Finance, Province of British Columbia. As such, our report is not intended for general use, circulation or publication without the express permission of the Comptroller General. For the avoidance of doubt our report may not be disclosed, copied, quoted or referred to in whole or in part, whether for the purposes of litigation, disciplinary proceedings or otherwise, without the Comptroller General’s written consent in each specific instance.

SELF-ASSESSMENT

Completed by:

Date

[Title]

Reviewed by:

Date:

[Title] QUALITY ASSURANCE REVIEW Name: Title: (print)

Date: Signature


53

Appendix J: Report Distribution Log

File No.:___________

Report name: _______________________________________________________________

DISTRIBUTED TO:

Date Name Title Government Entity

Method Cmplt'd by

Name Signature Date

Prepared by:


Key: ADM: Assistant Deputy Minister EFO: Executive Financial Officer CFO: Chief Financial Officer ED: Executive Director

Key: DM: Deputy Minister ADM: Assistant Deputy Minister EFO: Executive Financial Officer CFO: Chief Financial Officer ED: Executive Director


54

Appendix K: Reviewer’s Checklist

<project name and number >

W/P Index

Project Leader

Reviewer

A. Planning Phase The engagement working papers contain the following documents:

1. Terms of Reference, approved by the client as evidence of concurrence with the terms of the engagement, approved by the Comptroller General to document approval of the terms.

2. Planning Memorandum, approved by the Comptroller General. The Planning Memo includes:

evidence of an understanding of the unit entity and its environment, including a description of the client’s business and significant activities and programs delivered

the engagement scope, and the risk assessment supporting the decisions which determined what to include in the scope

the engagement objectives and criteria by which they will be assessed and

the overall engagement plan, including the planned approach, allocation of resources and a detailed time budget.

Work Programs were prepared for each component of the engagement to identify the procedures by which actual performance, in relation to the objectives and criteria, will be measured.


55

W/P Index Project Leader

Reviewer

B. Fieldwork Phase

The engagement working papers contain the following documentation:

1. Sufficient, appropriate, relevant, and competent evidence about actual performance is in the files to support all conclusions, issues and recommendations formed.

2. For every scope component staff have prepared a detailed description of what the activity or system is expected to do and how it is performing.

3. A comparison of actual to expected performance, and an assessment of the significance for identified variances, is documented in the working papers.

4. Verification procedures have been performed to collect and document the evidence necessary to support conclusions against each objective.

5. Suspicious transactions (if applicable) have been flagged for review/consultation with the Director, Investigation and Forensic.

6. Overall conclusions on actual performance relative to the planned objective(s) and criteria are documented in the file

7. Review notes are cleared and cross-referenced to work performed, and the review notes are retained in the working paper file.

8. Pertinent working papers are indexed, titled, initialled and dated by the preparer and reviewer.


56

W/P Index Project Leader

Reviewer

C. Reporting Phase The working papers contain the following documents and supporting information:

1. A Report Outline, approved by the Comptroller General, is retained in the working paper file.

2. Notes prepared for exit meetings and notes from discussions of all significant engagement findings with senior client management at the conclusion of the fieldwork phase, are retained in the working paper file.

3. The written report explains the purpose, scope, and results of the engagement, which reflect the purpose, scope and objective statements included in the Terms of Reference.

4. A summary, which highlights the major themes of the engagement, is included as part of the report. It summarizes the purpose, scope, objectives and results of the engagement.

5. All conclusions, issues and recommendations in the report are supported by working papers, and the file copy of the report is referenced to the working papers.

6. The Comptroller General has approved the report before its issue.

7. A quality assurance review is performed before the report is finalised.

8. An administrative fairness evaluation is performed before the report is finalised.


57

W/P Index Project

Leader Reviewer

Working Paper File Completion

1. The file is bound and properly labelled.

2. The file contents are in the proper sequence.

3. The file is completely and accurately indexed and cross-referenced.

4. A working paper index is included in the file.

5. The report and transmittal letter/s are included in the file.

Project Completion

Staff Evaluation Completed

Engagement Debrief Completed

In my opinion, there is sufficient, appropriate evidence documented in the engagement working paper files to support all conclusions, comments and recommendations in the report.

Completed by:

Date:

Project Leader


58

1. In my opinion, there is sufficient, appropriate evidence documented in the engagement

working paper files to support all conclusions, comments and recommendations in the report.

2. IU Policy framework was complied with, or valid reasons were provided for areas of non-compliance.

3. All important matters for the attention of subsequent reviews have been noted. Reviewed by: [Title] Date:


59

Appendix L: Interview Process

Recording Interviews

Advantage of Recording Interviews

The advantages of digitally recording an interview are as follows:

Accuracy: A digital recording mitigates the risk of interviewees challenging the

investigative team’s written record of the discussion. A digital recording accounts for;

o the exact wording and tone used by all parties;

o the overall tone and pace of the interview;

o the duration of the interview in real time; and

o phrasing, hesitations, outbursts, pauses and interruptions.

Productivity: Use of a digital recording device (DVR) reduces the time to conduct an

interview; specifically, generally writing out interviewees’ statements slow down the pace

of an interview, as the pace is dictated by how fast the interviewers can write.

Quality: Digitally recording an interview allows an interviewer to focus on the interviewee

enhancing the quality of the interview because the interviewers focus is not affected with

the need to write down and paraphrase the interviewee’s statement.

Impact: Statements in an individual’s s own words have more of impact than that of a

summary or a paraphrased account of events describe by the interviewee.

Consent to Recording Interviews

To avoid the risk of non-compliance with administrative fairness principles consent from the interviewee is required to digitally record their response during the interview. This process involves:

requesting the interviewee to sign a consent form prior to the commencement of the

interview: and

during the introduction stage of the interview acquiring the interviewee’s verbal recorded

consent that they are aware and gave permission to record the interview.

If the interviewee declines to have the interview digitally voice recorded, IU team members should advise individuals that the recording of the interview is also to their benefit to mitigate the risk that any comments they make are not taken out of context.

The interviewer is to advise the interviewee that:

the use of a DVR results in an interview will be completed in a more timely manner;

is to everyone’s advantage to have an accurate and permanent recording of the

discussion; and

they are entitled to an electronic or hard copy of the transcript at the conclusion of the

investigation.


60

The interviewer is to re-confirm the interviewee’s decision with respect to recording the interview. On case-by-case basis the engagement team will decide whether to procced with an interview if the interviewee continues to object to the use of recording devices. There is a larger risk of proceeding with the non-recording of an admission seeking interview than there is with an information gathering interview.

When a DVR is not used, at the conclusion of the proceedings, the interviewers are to provide their hand written notes to the interviewee for review and approval. The interviewee must initial each page and sign and date the last page to confirm their agreement with the summary of their statement.

At minimum two IU team members are to be present in all interviews. When recording devices are:

utilized, two devices are required to mitigate the risk of a loss of information from

technical difficulties; and

not utilized one team member will lead the investigation and the other will be the

dedicated note taker.

However, at all times interviewers may take notes of pertinent facts as warranted.

Procedural Fairness

Planning

When initiating interview requests, IU team members are to advise individuals of the purpose of the interview in general terms. IU team members are to be aware that providing too much information or details of the concern to individuals in advance of the interview may compromise the integrity of the investigative proceedings.

For example: Concerns related to the mismanagement and misappropriation of government assets involving your offices have been reported to the Comptroller General. We are gathering information to assess the concerns and believe that you are privy to information to assist us with our assessment of the concerns.

Note: to be tailored on whether information gathering or information seeking interview.

Interviewees are to be advised that they are permitted to have a representative with them during the interview process.

Interview Proceedings

Set-Up

Ensure that the interviewee has a clear path to the exit in the interview location, unless there are potential risks to the interviewers need for unimpeded access to an exit takes precedence.

Introductory Phase

During the introductory phase of the interview, IU team members are to:

confirm that the interviewee has full knowledge and has given permissions to the use of

digital recording devices to record the discussion.

ensure digital recording devices remain in plain view of the interviewee at all times.


61

Inform the interviewee when the digital recording devices are to be turned on or off just

moments prior to the interviewer doing so.

advise/remind individuals of the purpose of the interview. At this point more details as to

the nature of the concerns can be disclosed.

confirm that the individual was advised that they were permitted to representation and

their decision in this matter. If the individual elected not to have representation, the IU

members are to disclose to interviewee that will be provided an opportunity to get

representation if he/she at any time wants to reverse their initial decision.

If the interview is not being recorded a written consent form must be completed by the

individual confirming their decision not to have a representative present during the

proceedings.

For example: Consequently, as a unionized employee, you may have a union

representative present for this interview. Were you given the opportunity to have a union

rep present at this meeting? How do you elect?

advise the interviewee that the representative’s role is that of an observer.

advise the individual that consequences can be a result of any investigation; however,

that discipline is not the mandate of the IU’s investigation.

For example: One of the potential consequences of any investigation is that the findings

may disclose just cause for discipline. While the discipline of staff is not the mandate of

this investigation, the facts contained in this review are available to managers

empowered to take such action.

remind individuals of their Oath of Office (this can involve providing the employee with an

Oath of Office for his/her review).

For example: We would like to remind you of your Oath of Office and we are asking for

your cooperation and request you answer our questions honestly and to the best of your

ability.

inform the individuals that the discussions are to remain confidential and he/she is only

permitted to discuss the process with their representative. In addition, interviewees are

to be advised that non-adherence to confidentiality may result in disciplinary action.

Conclusion Phase

During the conclusion phase of the interview, IU team members are to:

give the individuals an opportunity to revisit any of the questions presented.

remind individuals that discussion is to remain confidential.

advise individuals that any information provided in reasonable amount of time

subsequent to the interview (e.g. 2 weeks) will be reviewed by the engagement team.


62

provide contact information so individuals can provide additional information and/or

reach out to IU team members to discuss something that they may have forgotten during

the interview process.

provide the interviewee an opportunity to read and approve hand written notes when

digital recording device are not utilized.


63

Appendix M: Disclaimer Statements

Email Disclosure Statement

Government confidentiality and privilege requirements apply to this message and any attachments. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use is strictly prohibited. If you are not the intended recipient, please notify the sender immediately, and delete this message and any attachments from both your inbox and deleted items folder. Thank You.

Report Disclosure Statement

This report is embargoed and is provided for <MINISTRY> to review only. This report is private and confidential and not for further distribution.


64

Appendix N: Chain of Custody Form

Ministry of Finance


Chain of Custody Form

Line Date (dd/mm/yy) / Time (hh:mm) of Transfer

Transferred to (Print Name/Signature)

Description / Reason for Transfer

Ministry of Finance


Mailing Address:

PO Box 9413 Stn Prov Govt Victoria BC V8W 9V1 www.fin.gov.bc.ca/ocg

Location Address:

2nd Floor 617 Government Street Victoria BC

Ministry of Finance


Mailing Address:

PO Box 9413 Stn Prov Govt Victoria BC V8W 9V1 www.fin.gov.bc.ca/ocg

Location Address:

2nd Floor 617 Government Street Victoria BC

65

Appendix O: Statement of Understanding

STATEMENT OF UNDERSTANDING

I, hereby acknowledge and declare that:

Print Name

(i) I have been provided with a copy of the Policy and Procedure Manual, Investigation and Forensic Unit, Office of the Comptroller General (the policy and procedure manual) I am aware that is my responsibility to familiarize myself with the policies contained therein as well as the polices referenced within the manual.

(ii) I confirm that I have understood the contents of the policy and procedure manual.

(iii) I agree to conduct my activities in accordance with polices outlined in the policy and procedure manual and understand that breaching these standards may result in disciplinary or other legal remedy available to the Office of the Comptroller General.

Name:____________________________________________ Print Name

Title: _____________________________________________

Organization: _______________________________________

Signature: _________________________________________

Date: _____________________________________________

Investigation and Forensic Unit Policy and Procedures ... · Investigation and Forensic Unit Policy...

Documents

Transcript of Investigation and Forensic Unit Policy and Procedures ... · Investigation and Forensic Unit Policy...